Risk assessment tools continue to evolve alongside the newly discovered or manufactured threats to infrastructure security. I chose to write about the protection plan for the communications sector. Communication companies are operating on a global scale, making them more vulnerable to manmade threats and cyberattacks (Homeland Security, 2015). Disruption of these services can lead to significant instabilities for other infrastructures (“Critical infrastructure vulnerability assessments,” n.d.). Therefore, I assume that the communication sector is one of the most protected and implements the most in-depth vulnerability assessment tools.
I believe that the accumulation of data is essential for reducing the potential loopholes for all types of threats. The value of data gathering can not be underestimated during a risk assessment, as it will be used to improve mitigation strategies further, and communications companies deal with an astounding amount of it (Radvanovsky & McDougall, 2013). A significant portion of the infrastructure is operated by the private sector, making its capacity to withstand threats a vital part of the overall security of a framework (Radvanovsky & McDougall, 2019). Therefore, it might be even more beneficial to make participation mandatory, but even voluntary data provision is helpful.
If I were to advise on security for infrastructure during a present threat, I would use the assessment tools to determine the course of action. Most of the reviewed factors suffice the needs of a company in the determination of a further plan of action. Assuming that threat occurrence was done correctly, a company is supposed to possess sufficient resources to neutralize it. However, if I were to improve any steps in the process, I would propose to focus more on the continuation of service, as interconnectedness implies that the damage can be extended if the attack succeeds (Giannopoulos et al., 2012). Otherwise, vulnerability assessment should be sufficient if it was correctly executed.
Critical infrastructure vulnerability assessments. (n.d.). Cybersecurity & Infrastructure Security Agency.
Giannopoulos, G., Filippini, R., Schimmer, M., & European Commission. Joint Research Centre. Institute for the Protection and the Security of the Citizen. (2012). Risk assessment methodologies for critical infrastructure protection: A state of the art (EUR 25286 EN – 2012). European Commission. Web.
Homeland Security. (2015). Communications sector-specific plan: An annex to the NIPP 2013. Cybersecurity & Infrastructure Security Agency.
Radvanovsky, R. S., & McDougall, A. (2013). Critical infrastructure: Homeland Security and emergency preparedness (3rd ed.). CRC Press.
Radvanovsky, R. S., & McDougall, A. (2019). Critical infrastructure: Homeland Security and emergency preparedness (4th ed.). CRC Press.